SEC-0001: Kinetica Spectre and Meltdown Security Guidelines

Overview

The recent speculative execution CVEs (CVE-2017-5754CVE-2017-5753 and CVE-2017-5715) address three potential attacks across a wide variety of architectures and hardware platforms. In many cases, these fixes also require microcode updates from the hardware vendors.

While there is no need to patch Kinetica directly in response to these vulnerabilities, there are security precautions that should be taken to help prevent breaches in the underlying software hardware components Kinetica relies on.

Action

To mitigate your potential risk from these two vulnerabilities, we recommend the following steps:

Perform all necessary updates in relation to the vulnerabilities as provided by your Linux Vendor. The vulnerability has already been addressed by all Kinetica supported Linux distributions

Update the NVIDIA driver that Kinetica relies on for communication with the GPU to version 384.111 or higher

Although Kinetica is not aware of any Kinetica specific exploits tied to Spectre or Meltdown at this time, we will continue to monitor developments closely given the potential impact of this vulnerability.

We remain committed to supporting you as more is learned about these vulnerabilities and as always, are here to help.